Eric Knapp, chief cybersecurity engineer at the Honeywell Process Solutions cyber research lab, told Bloomberg that two-thirds of the sectors it monitors are under attack from state-sponsored hackers, who chiefly rely on infected USB sticks to gain their access to systems.

"We've seen administrative credentials for sale. We've seen specific access to specific industrial facilities for sale" online, Knapp said. "If I were to peruse the black market and I didn't have any scruples, I could say, 'I want to access this facility,' and I can purchase the access to that, which is scary."

...

Companies have built stronger networks around their control systems, making direct access more difficult for hackers. Instead, attackers craft malware to hit a company's more vulnerable corporate system and then infect any removable USB drives attached to that network. The control system's network, housed separately, is breached when a worker plugs the infected USB drive into it.

Most Popular

Knapp didn't mention any particular states that seemed to be sponsoring attacks, or particularly industries targeted, but Honeywell provides cybersecurity for oil and gas producers, chemical and power plants, natural gas processors, and mining and water treatment facilities.

It's a tough nut to crack; infrastructure is designed to last a long time. A sudden, wholesale upgrade of tech and practices is sort of a worst-case scenario. Well, second to getting hacked to hell and back.